cryptojacking

What is Cryptojacking? How to respond or prevent an attack

Last updated on June 22, 2021

In 2017, a man went into Starbucks, bought a cup of coffee, loaded his Wi-Fi through the Starbucks landing page and found he’d been cryptojacked. What’s cryptojacking? That’s where hackers use your processing devices without permission to mine crypto.

Miners have to invest significant money in powerful equipment to mine cryptocurrency like ZCash or Monero. The more powerful their computer processing units, the more crypto they get, and the faster they get it.

Given that at-home energy costs for mining average $396 per month and miners want to make a profit, they need a way to cut their costs.

That’s where a growing number of crypto miners turn to cryptojacking.

How does Cryptojacking Work?

Hackers can buy malicious JavaScript-based software from the deep web or from companies like Cryptoloot, JSEcoin and Deepminer. The software costs as little $30 and can be embedded by even technology-poor users.

Cryptojackers use this code in three different ways. They may bait you with legitimate-looking emails that encourage you to click on certain links. They hijack and install the code in the IT cloud system of a business. Cryptojackers, also, hack and infect popular websites that attract billions of visitors with their cryptomining code.

That’s what happened in the Starbucks case. In either method, when victims unwittingly access this code with their Internet-connected devices, those devices become infected, giving hackers the secret use of their computing devices to mine cryptocurrency.

Succesful cryptojackers have a field day. They’re unlikely to get caught. And since their malware sucks up 100 percent of their victim’s computing power, cryptojackers could make as much as a thousand dollars in cryptocurrency in one to two days.

That’s good for them; bad for their victims. Your energy bills soar. Your computer power drags. According to security researcher Willem de Groot, you’re also likely to get your credit card details stolen, because of other malware that’s on 80 percent of these infected pages.

The Rise in Cryptojacking

To gauge the extent of how common cryptojacking used to be, consider that in 2017 popular anti-malware software Malwarebytes reported that their second most frequently blocked website was the notorious cryptojacking script engine coinhive.com. (In 2017, CoinHive Stratum Proxy found CoinHive was downloaded about 2,500 times a day!)

Since CoinHive’s demise in March, 2019, SonicWall’s 2020 Cyber Threat Report found that cryptojacking attacks fell 78% in the second half of that year.

Still, cryptojacking attempts continue, with not even Google Play Store remaining safe. In 2018, Kaspersky Lab researchers found suspicious apps and games.  More recent news reports tell of hackers that have use YouTube to install their cryptojacking malware.

In short, cybersecurity professionals from the Norwegian University of Science and Technology say cryptojacking can be very difficult to detect, while even aware users might not bother getting rid of the infection.

How to Detect Cryptojacking

There are certain signs that indicate you may be gifting your computing power to someone else.

  • Your device is going far too slow for no observable reason. This includes desktops, laptops, tablets, and mobile devices. Your devices or routers could stall.
  • Your computing devices are overheated, causing fans to run longer than they should to cool down the system. Overheating is especially true of thin devices like smartphones or tablets.
  • Devices shut down due to lack of available processing power.
  • There’s suspicious activity on your webpages, more noticeable on a personal computer than on company computers that handle thousands of messages a day.
  • Your monthly electricity bills soar for no clear reason.

Another clue is a sharp spike in your CPU processing when visiting a “regular” site.

If you want to see what’s really going on under the hood, check your CPU usage via the Activity Monitor or Task Manager. If all your tabs are closed, but CPU usage is still high, some malicious miner may be sucking your processing power.

If you operate a business, have your security operations center (SOC) monitor for file changes on the web server or changes to your webpages.

How Should You Respond to a Cryptojacking Attack?

  • Kill and block website-delivered scripts – Note the website URL with that incriminating JavaScript string and update your web filter to block that page.
  • Update and purge browser extensions – Check your extension. If it’s a browser-infected extension, remove it and update the other extensions.
  • Turn off JavaScript in Task Manager – Since cryptojacking comes from plugins that use Javascript, that’s a guaranteed way to not only shelter your device from infections but also to stop the malware in its tracks.
  • Learn and adapt – Use the experience to learn how your system was infected. If you run a business, use this experience to teach your helpdesk and IT training how to identify crypto-attacking attempts and how to respond accordingly.

How To Prevent a Cryptojacking Attack?

The same way as with all malware:

  • Regularly monitor your computer’s processing speed and power usage.
  • Use browser extensions, like No Coin, Anti Miner, and MinerBlock, that are designed to stall crypto mining scripts.
  • Use more reliable ad blockers, such as Adblock Plus that’s also designed for cryptojacking. Hackers often use ads as a front for their sneaky code. If you use general malware software, PowerShell is one that security experts typically recommend. Larger businesses invest in firewalls like Mobile Device Management (MDM) solutions or WatchGuard.
  • Install the latest software updates and patches for your operating system and all applications. Check and update your browser extensions. Some attackers use malicious browser extensions or infect legitimate extensions to deploy their crypto mining scripts.
  • Keep your web filtering tools up to date. Block pages with cryptojacking scripts.
  • Steer clear from public WiFi, especially if you use a device with a crypto wallet.
  • If you’re a business owner, introduce the topic of cryptojacking into your employee security training. Focus on how to identify phishing-type attempts.

Other software systems that businesses like to employ include SOAR (Security Orchestration, Automation and Response) and managed SIEM (Security Information and Event Management) for detecting and stemming invaders before they stall your system.

For the really concerned:  Cyber risk solution provider Coalition, offers cyber insurance with comprehensive coverage for businesses, which includes crypto jacking and illegal crypto mining.

Cryptojacking FAQ

Hackers trick victims into downloading malware through social engineering attacks, through breaching your cloud infrastructure, or through injecting malicious code into web pages. They can also infiltrate a company’s server resources, installing a JavaScript code that sucks up processing energy to mine crypto.
Your computer devices are going far too slow. They are overheated, causing fans to run longer than they should to cool down the system. Devices shut down due to lack of available processing power. Your devices or routers stall and your monthly electricity bills soars.
Use browser extensions to stall crypto mining scripts as well as ad blockers. Install the latest software updates and patches for your operating system and all applications. Keep your web filtering tools up to date. Block pages with cryptojacking scripts.

Bottom Line

Cryptojackers try their darndest to make money off you. Your best way to get them off your back (and out of your computers), is to understand how they work. As they become savvier, you’ll want to become more informed and alert.

Beat them at their game!